...
Get the gateway-identity public key from Apache Knox {GATEWAY_HOME}/data/security/keystores/gateway.jks via keytool or portecle (see Extracting Knox Public Key for SAML IdP Configuration section for details)
Get the SSO provider URL for the KnoxSSO websso endpoint (i.e. https://c6401.ambari.apache.org:8443/gateway/knoxsso/api/v1/websso)
su to root {pw: vagrant}
start the sso wizard:
...
[root@c6401 knox-0.9.0]# ambari-server restart
Extracting Knox Public Key for
...
IdP Configuration
There are multiple ways that you can do this.
The following uses keytool and openssl to first extract a DER encoded cert from the gateway keystore and then convert DER to PEM encoding:
[vagrant@c6401 knox-0.9.0]$ keytool -exportcert -keystore data/security/keystores/gateway.jks -alias gateway-identity -file gateway.cer
Enter keystore password:{master secret}
Certificate stored in file <gateway.cer>
Now convert the cer file into pem encoding via openssl:
[vagrant@c6401 knox-0.9.0]$ openssl x509 -inform der -in gateway.cer -out gateway.pem
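Before handing the certificate to another system, it helps to confirm that the converted file still holds the certificate that is in the Knox keystore, whichever encoding keytool wrote (DER by default, PEM when -rfc is given). The following is an added example, not part of the original page: the function names are hypothetical and the sample bytes are a constructed stand-in, not a real certificate.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def cert_der(data: bytes) -> bytes:
    """Return the DER bytes of a certificate file in either encoding."""
    match = PEM_RE.search(data.decode("latin-1"))
    if match:  # PEM, e.g. written by keytool -exportcert -rfc or by openssl
        return base64.b64decode("".join(match.group(1).split()), validate=True)
    if data[:1] == b"\x30":  # DER starts with an ASN.1 SEQUENCE tag
        return data
    raise ValueError("not a PEM or DER certificate")


def cert_pem(data: bytes) -> str:
    """Re-encode the certificate as PEM with 64-character body lines."""
    body = base64.b64encode(cert_der(data)).decode("ascii")
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")


def sha256_fingerprint(data: bytes) -> str:
    """SHA-256 over the DER bytes, as colon-separated uppercase hex."""
    digest = hashlib.sha256(cert_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


# Constructed stand-in with a DER SEQUENCE header; not a real certificate.
SAMPLE_DER = bytes([0x30, 0x82, 0x00, 0x60]) + bytes(range(96))

if __name__ == "__main__":
    pem = cert_pem(SAMPLE_DER)          # what gateway.pem would contain
    print(pem)
    # Same fingerprint means the conversion did not alter the certificate.
    print(sha256_fingerprint(SAMPLE_DER))
    print(sha256_fingerprint(pem.encode("ascii")))
```

The fingerprint has the same colon-separated form that `keytool -list -v` and `openssl x509 -noout -fingerprint -sha256` print, so the values can be compared directly.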
For the Ambari SSO wizard the content between
...
<value>30000</value>
</param>
<param>
<name>knoxsso.redirect.whitelist.regex</name>
<value>^https?:\/\/(c64\d\d\.ambari\.apache\.org|localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1):[0-9].*$</value>
</param>
</service>
</topology>